Lead Network Security Architect

Location: Seattle, Washington; Chicago, Illinois; San Francisco, California

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, e-signature, and contract lifecycle management (CLM). As the #1 company in these spaces, we unleash business-critical data trapped in documents, connecting it to systems of record to drive efficiency and innovation. Join our security team to safeguard this global platform. The Lead Network Security Architect defines and leads Docusign’s Network Security Strategy, developing standards, architecture patterns, and data-driven governance models that secure connectivity across our enterprise. This individual contributor role, reporting to the Vice President, Security Assurance, bridges technical architecture, analytics, and oversight to maintain a resilient, measurable, and continuously improving network security posture. Partnering with Enterprise, Product Technology, and Security organizations, you’ll ensure network design and operations align with our Secure-by-Design / Secure-by-Default vision, protecting e-signature workflows and intelligent agreement platforms. Over time, this role may evolve to manage a small team of network security and data analysts for scalable, self-serve insights. In this hybrid role (minimum 2 days/week in-office), you’ll own the roadmap for network hardening, segmentation, and Zero Trust integration; evaluate technologies like SASE and micro-segmentation; build reference architectures for hybrid/cloud environments; and create dashboards for posture monitoring. You’ll drive pre-deployment security reviews, data pipelines for telemetry, and executive reporting on risk trends, fostering innovation while reducing attack surfaces in our fast-paced SaaS culture. What you bring: 12+ years in network/security architecture, expertise in firewalls, cloud segmentation, NIST/Zero Trust, and data tools like Tableau. Preferred: CCIE Security/CISSP, mentoring experience, and stellar collaboration skills. Docusign is committed to equality, trust, and making the world more agreeable—apply to contribute to our mission.

Key Responsibilities

• Own DocuSign’s Network Security Strategy, defining the roadmap for network hardening, segmentation, and Zero Trust integration to protect e-signature and intelligent agreement management platforms
• Align strategy with enterprise objectives around customer trust, attack surface reduction, and data-driven decision-making in a global SaaS environment
• Evaluate emerging network security technologies (SASE, SSE, micro-segmentation) for enterprise adoption and ensure seamless operationalization
• Develop and maintain network security reference architectures, configuration baselines, and standards for on-prem, hybrid, and multi-cloud environments
• Partner with Network Engineering to enforce security standards in all pre-deployment designs, driving principles like least privilege and secure routing
• Establish oversight processes to track adherence to standards, identify deviations, and drive remediation accountability across Product Technology and Security teams
• Design and oversee data pipelines consolidating network telemetry from diverse sources to monitor posture metrics like firewall hygiene and segmentation health
• Build and maintain self-serve network security dashboards for partner teams, integrating with Exposure Management for enterprise-wide visibility
• Present posture insights, risk trends, and analytics-driven recommendations to Technology and Security Leadership Teams
• Act as the bridge between Security Architecture, Network Operations, and Engineering, leading alignment sessions on strategy, roadmaps, and metrics
• Provide expert consultation for major network initiatives, cloud migrations, and design reviews supporting DocuSign's innovation in agreement lifecycle management

Required Qualifications

• 12+ years of experience in network architecture, security architecture, or related roles in large-scale enterprise or cloud environments
• Hands-on experience with network security technologies including firewalls/WAF, VPNs, SD-WAN, proxies, IDS/IPS, and routing protocols
• Deep expertise in cloud networking, segmentation, and hybrid connectivity models supporting high-availability SaaS platforms
• Proven track record developing and governing enterprise network security standards and reference architectures
• Experience with data modeling, dashboarding, or data visualization tools such as Power BI, Tableau, or equivalent
• Strong knowledge of NIST CSF, CIS benchmarks, and Zero Trust frameworks applied to secure agreement management workflows
• Demonstrated ability to align network security with business objectives like customer trust and attack surface reduction in a fast-paced SaaS environment

Preferred Qualifications

• Preferred certifications: CCIE Security, CCSP, CISSP, or equivalent
• Experience mentoring or managing technical contributors in security architecture teams
• Exceptional communication, influence, and cross-functional collaboration skills across engineering and product organizations

Required Skills

• Network security technologies (firewalls/WAF, VPNs, SD-WAN, proxies, IDS/IPS)
• Routing protocols and secure network design
• Cloud networking and hybrid connectivity (AWS, Azure, GCP)
• Zero Trust architecture implementation
• NIST CSF, CIS benchmarks application
• Data modeling and visualization (Power BI, Tableau)
• Reference architecture development and governance
• Data pipeline design and telemetry analysis
• Dashboard creation for self-serve security insights
• Cross-functional collaboration and influence
• Strategic roadmap planning and execution
• Risk quantification and prioritization
• Mentoring technical teams
• Excellent presentation and communication skills
• SASE/SSE/micro-segmentation evaluation

Benefits

• Competitive base salary with geographic adjustments (e.g., CA: $177,900 - $287,425; WA/NY/NJ/MD: $170,900 - $251,325)
• Company bonus plan based on performance and eligible wages
• Restricted Stock Units (RSUs) as part of total compensation
• Paid Time Off including earned time off and company holidays
• Paid Parental Leave up to six months for birth, adoption, or foster care
• Comprehensive health benefits with 100% employer-paid options from day one
• Retirement plans with potential employer contributions
• Learning and Development including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.